GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,049 advisories
Filter by severity
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
High
CVE-2024-28233
was published
for
jupyterhub
(pip)
Mar 28, 2024
Gradio's CI vulnerable to Command Injection
High
CVE-2024-1540
was published
for
gradio
(pip)
Mar 27, 2024
•
withdrawn
gradio Server-Side Request Forgery vulnerability
High
CVE-2024-2206
was published
for
gradio
(pip)
Mar 27, 2024
ansys-geometry-core OS Command Injection vulnerability
High
CVE-2024-29189
was published
for
ansys-geometry-core
(pip)
Mar 25, 2024
PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file
High
CVE-2024-1603
was published
for
paddlepaddle
(pip)
Mar 23, 2024
SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
High
CVE-2024-29190
was published
for
mobsfscan
(pip)
Mar 22, 2024
ESPHome vulnerable to Authentication bypass via Cross site request forgery
High
CVE-2024-29019
was published
for
esphome
(pip)
Mar 21, 2024
GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace
High
CVE-2024-29033
was published
for
oauthenticator
(pip)
Mar 20, 2024
Denial of service via regular expression
High
CVE-2024-28865
was published
for
wiki
(pip)
Mar 18, 2024
RCE in TranformGraph().to_dot_graph function
High
CVE-2023-41334
was published
for
astropy
(pip)
Mar 18, 2024
Remote Code Execution Vulnerability in Microsoft Django Backend for SQL Server
High
CVE-2024-26164
was published
for
mssql-django
(pip)
Mar 12, 2024
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
High
CVE-2024-28184
was published
for
weasyprint
(pip)
Mar 8, 2024
RPyC's missing security check results in code execution when using numpy.array on the server-side.
High
CVE-2024-27758
was published
for
rpyc
(pip)
Mar 6, 2024
ESPHome vulnerable to remote code execution via arbitrary file write
High
CVE-2024-27081
was published
for
esphome
(pip)
Mar 1, 2024
Docassemble unauthorized access through URL manipulation
High
CVE-2024-27292
was published
for
docassemble.base
(pip)
Feb 29, 2024
Duplicate Advisory: ReDos vulnerability of XMLFeedSpider
High
GHSA-7c9g-vj9m-8pm6
was published
for
scrapy
(pip)
Feb 28, 2024
•
withdrawn
orjson does not limit recursion for deeply nested JSON documents
High
CVE-2024-27454
was published
for
orjson
(pip)
Feb 26, 2024
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution
High
CVE-2024-27133
was published
for
mlflow
(pip)
Feb 24, 2024
Onnx Directory Traversal vulnerability
High
CVE-2024-27318
was published
for
onnx
(pip)
Feb 23, 2024
pypqc private key retrieval vulnerability
High
GHSA-rc4p-p3j9-6577
was published
for
pypqc
(pip)
Feb 22, 2024
Potentially untrusted input is rendered as HTML in final output
High
CVE-2024-26151
was published
for
mjml
(pip)
Feb 22, 2024
cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
High
CVE-2024-26130
was published
for
cryptography
(pip)
Feb 21, 2024
Potential buffer overflow in CBOR2 decoder
High
CVE-2024-26134
was published
for
cbor2
(pip)
Feb 21, 2024
Cross-site Scripting in Pyhtml2pdf
High
CVE-2024-1647
was published
for
pyhtml2pdf
(pip)
Feb 20, 2024
ProTip!
Advisories are also available from the
GraphQL API